Re: Dump a mode --x--x--x binary on Linux 2.0.x

From: Martin Mares (mjat_private)
Date: Thu Sep 17 1998 - 00:18:10 PDT

Next message: Vincent Janelle: "SunRPC and slackware 3.4 and 3.5.."

Previous message: Taral: "Re: ANNOUNCE: secure identd v0.3"
Maybe in reply to: David Luyer: "Dump a mode --x--x--x binary on Linux 2.0.x"
Next in thread: Neale Banks: "Re: Dump a mode --x--x--x binary on Linux 2.0.x"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Being able to override the expectations of those programs which are installed
> mode 111 _is_ a security problem in that it violates expected semantics and
> that when a given Unix variant makes any attempt to enforce these semantics
> it should make sure it completely enforces them, instead of giving a false
> sense of security.  Sound like "security by obscurity" to anyone?

   Semantics of unreadable files is well-defined at file level (i.e., it's
defined you cannot read() them), but not at any other level. No standard
guarantees you that contents of such binaries are not accessible in any other
way, so relying on it in order to secure things does sound like "security by
obscurity" to me.

   Enforcing real unreadability on the PC is very hard, given the fact i386
does not support execute-only pages.

                                Have a nice fortnight
--
Martin `MJ' Mares   <mjat_private>   http://atrey.karlin.mff.cuni.cz/~mj/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
"What color is a chameleon on a mirror?"

Next message: Vincent Janelle: "SunRPC and slackware 3.4 and 3.5.."
Previous message: Taral: "Re: ANNOUNCE: secure identd v0.3"
Maybe in reply to: David Luyer: "Dump a mode --x--x--x binary on Linux 2.0.x"
Next in thread: Neale Banks: "Re: Dump a mode --x--x--x binary on Linux 2.0.x"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:16:33 PDT